Valuable, dear, beloved users for which the business has boundless sympathy, empathy, and compassion are now awkwardly the source of compliance concerns for which the costs outstrip the reasonably expected revenues enabled by compliance. While compassion is unlimited, it is possible the budgets and time may not be.
"for which the costs outstrip the reasonably expected revenues enabled by compliance"
The GDPR is not about revenue but about privacy. It's not meant to be cost neutral. Bank robbers could also quote you to complain about the burden of anti-robbery laws.
You're absolutely right! GDPR is in no way, shape, form, or manner meant to be cost-neutral. Your point about bank robbers is well-taken.
However, is it possible that in a context where companies are weighing the cost of GDPR compliance against the benefits of GDPR compliance (i.e., keeping their EU business) some might come down on the side of jettisoning the EU business? They might even opt to do it by using a tool, like Cloudflare Workers, that they can convince to block everyone in the EU.
You would be absolutely, completely, 100% right to consider this fully in line with the intentions of GDPR. Protect privacy or GTFO, right?
If companies find it too onerous to do business in the EU I am sure others will happily fill that gap, so I am not worried. A lot of polluters probably also went out of business once environmental regulations got tightened.
You're right! I'm also sure others will happily try!
With that said, it's possible that a fragmented market with fewer legal business models may not be as conducive an environment to all possible businesses. It's even possible that as a result, not all gaps will get filled.
Personally I think it's healthier to have a fragmented market. Maybe it's not as efficient but fragmentation makes it more possible for smaller companies to find a niche. Otherwise big companies like Amazon, Facebook and others monopolize business world wide.
Different legal models also provide grounds for experimentation. Who knows what works better in the long run? Wild West or regulation like GDPR? We don't know.
Sometimes a fragmented market just means everyone has the same problem and nobody can solve it profitably at a price that works for most. Then things just suck for everyone.
Which is to say that you could be right! Absolutely and completely! Or you could be really wrong. Time will tell. The economic history of protectionism could be read by some to provide some clues, though.
Is it? It's a lot of bloviating about love and kindness and positivity that dances around the point a lot. It implies, instead of being explicit. It focuses on feelings instead of making a point clearly and concisely.
It's poor communication. For the same reasons, it's great PR material.
> But I wonder what changed since last week because those compliance concerns were just as valid last week.
I imagine that for a lot of really small shops, what's changed is that GDPR is now law when it wasn't for the past couple of years.
> Or do you mean to imply the company knowingly broke the law for a couple of years just because they could?
Maybe! Depends on the company, I should think. In some cases, I'm completely certain that you're absolutely right and they've been knowingly breaking the law for years because they can and there were no consequences.
For others, it's possible that the situation may be more subtle. The costs in time and money and opportunity costs to determine how compliant they are or need to be might be daunting or dwarf any reasonable forecast of revenue from EU users.
It's possible that not all scenarios might not be quite as simple as having nothing to fear so long as you are doing nothing wrong.
> That just isn't true, the GDPR has been law for the last two years and before that there was a law with roughly the same (say 80% or so) components.
You're absolutely, completely, 100% correct! Please accept my deepest apologies for being unclear.
Until May 25, GDRP which has been law for years did not take full effect. It's possible that some people made choices based around which laws are in full effect, rather than what is law, for reasons that might at times be other than negligence or malice.
Again, please accept my apologies for being unclear. Please let me know if there's anything else I can clarify!
But I wonder what changed since last week because those compliance concerns were just as valid last week. Or do you mean to imply the company knowingly broke the law for a couple of years just because they could?
You keep repeating this on various threads, but it's not a good argument.
It's obvious: for companies that are now blocking EU users, they weren't in compliance or blocking before because the law wasn't being enforced. Hence the cost / benefit tradeoff was different. Now that possible enforcement is on the table, the calculation has changed. It's pretty simple.
For companies who were ignoring before and ignoring now, nothing has changed. They are either taking a huge risk or are correct in assuming that there's no enforcement mechanism, so they don't need to worry about it.
> You keep repeating this on various threads, but it's not a good argument.
It's an excellent argument. That you don't agree with it is obvious but whether or not a law is enforced or not does not change the fact that it is the law.
Those companies that have decided to block EU users as a rule have done fuck all in the last two years and now, rather belatedly, have realized that in fact they are subject to the law rather than that they can afford to ignore it.
> They are either taking a huge risk or are correct in assuming that there's no enforcement mechanism, so they don't need to worry about it.
I sincerely hope that they will swap positions after the first few fines have been dealt out.
That you don't agree with it is obvious but whether or not a law is enforced or not does not change the fact that it is the law.
And something being "the law" doesn't actually mean anything. If not enforced, laws are just words.
So these companies who are now blocking did the actually rational thing, which is ignore the law right up until it matters.
No fines are going to hit these companies that have no EU presence. That's just scaremongering. And for the ones that do, I guess we'll see. Blocking the EU market seems pretty damn fair to me. I don't understand why the EU thinks it can force a business outside of the EU to deal with their citizens if it doesn't want to?
> No fines are going to hit these companies that have no EU presence.
Oh they will be fined. The question is whether those fines will ever be collected. But the collection of fines is a different part of the government than the part that sets and applies the fines.
> That's just scaremongering.
No, it's a fact of life: if you ignore the law you will be fined.
> And for the ones that do, I guess we'll see.
Oh ok, so they will be fined. At least we agree on something.
Note that the EU at this point in time couldn't care less about those companies that have no POP in the EU, and if that causes companies to pack up and leave then so be it. But those companies that do have a POP and that knowingly and persistently violate the law, whether they are European in origin, American or Chinese deserve to have the book thrown at them if they ignore the law.
> Blocking the EU market seems pretty damn fair to me.
That's just fine, I take it your business is not affected or you plan to ignore the law because they can't collect. I'm perfectly ok with you doing that, don't get me wrong. It's your right to do this but I do think you should be transparent about this.
> I don't understand why the EU thinks it can force a business outside of the EU to deal with their citizens if it doesn't want to?
The EU can't force that, and that's not the intent of the law.
Valuable, dear, beloved users for which the business has boundless sympathy, empathy, and compassion are now awkwardly the source of compliance concerns for which the costs outstrip the reasonably expected revenues enabled by compliance. While compassion is unlimited, it is possible the budgets and time may not be.
Better?